Biggest Corporate Frauds
13.09.2022
Back to blog listBiggest Corporate Frauds
Companies and their employees should be aware of these threats!
Fraud is a cyber-risk, which endangers both private internet users and companies. We offer you to examine the issue of corporate fraud more precisely in order to be able to strengthen your organization’s security perimeter.
Recently, mentions of numerous fraud schemes that specifically target businesses have been published in different mass media channels, on various forums etc. Fraud schemes often involve phishing emails, fake invoices, distribution of malware or blackmail attempts. In order to minimize the damage, which can be caused to a company by such malicious acting, it’s crucial to ensure, that your employees recognize the dangers and understand how to respond adequately.
What is corporate fraud?
Just like with scam, targeting consumers and individuals, corporate fraud can be implemented in many ways.
Widespread traps include the following:
- Phishing, which remains one of the most basic and critical risk to any kind of business, often, it’s the first step of performing a targeted attack. The main aim of criminals in such case is to obtain data from employees. Usually, they send an e-mail or SMS (in such case this attack is called smishing), sometimes the criminals make a phone call (this type of attack is called vishing). The messages contain links or file attachments, and intruders try to trick victims to fill in some personal or confidential data there.
- Business e-mail compromise or CEO fraud is a scam in which an attacker pretends to be an employee or the CEO of a company. Criminal either gain access to a company email account or mimic the regular company address with the aim of obtaining money or data.
- Ransomware is a specific form of malware that frequently affects businesses. In such types of attacks, the malware blocks access to company’s data or systems, for instance, encrypts some crucial data. Then intruders demand a ransom for encryption keys. Fake stores are also a popular form of Internet fraud. Some fake B2B stores, that specifically target companies do exist. For instance, fake stores that lured companies with low-cost Covid-19 tests were set up during the Corona period. This form of fraud is expected to grow in popularity in the nearest future.
- Cloaking is a search engine optimization (SEO) method that is more and more widely used by intruders. As a result of this malicious scheme implementation, hacked websites are misused to redirect to fake stores. For affected victims, it’s often difficult to recognize, that fraud took place.
How can companies and employees protect themselves?
Many attacks are based on the so-called method of "social engineering". Before performing an attack, criminals gather data on a company, peculiarities of its business processes and technical systems, as well as on employees. When this information is gathered, they try to deceive employees into disclosing confidential and crucial corporate data, which will enable intruders to perform bank transfers or will provide the criminals with internal access to the company’s infrastructure.
If you really want to ensure strong cyber security protection of your organization, it’s of crucial importance to keep your employees up-to-date in terms of cybersecurity.
Thus, we suggest the following piece of advise:
- Is the source trustworthy?
Before you comply with prompts you receive by an email, text message or via a phone call, you should ask yourself who asks you to complete the requirement? Does the sender's address actually match the real company’s address? Do you know the phone number? Is the phone number hidden? If so, isn't that a bit unusual behavior for the CEO?
- What does the sender know about you and the company?
Nowadays, it’s possible to obtain plenty of data on a company or on a certain person, however, sometimes pieces of crucial data are still missing. Stop for a minute, take a breath and remember, that a requirement or request may originate from an intruder. Thus, give yourself some time to think, if you are allowed to disclose certain changes or data, or whether additional steps and info are required to do, what you are asked.
- Does the request make sense?
Does your CEO really need several million euro right now? Have there been any negotiations recently, concerning this particular deal? And wouldn't your CEO close the deal another way? Before you act, you should consider, whether the request makes sense. For instance, it’s unusual for your company’s bank to ask for data via a phone call – if they suddenly do so, such an atypical request should be considered as an alarm.
- Use official channels!
You should not type in any confidential data via a link in a dubious e-mail or tell it via a phone call. Always log in only via official websites and use additional communication channels to verify information!
- Do not let them make you rush!
In case it’s emphasized in any way, that the issue is very urgent, you should be especially careful. This is the favored intruders’ method, which is used in order not to give a victim a chance to reflex and assess the risks, and, thus, make a victim to act quickly. Take your time, check everything and get in touch with colleagues or managers, before making a decision. These tips are helpful for the task of organizations’ protection. Nevertheless, it’s not enough to provide your employees with only theory itself – it’s required to organize occasional practical trainings and from time to time simulate attacks in order to assess the level of staff members’ computer literacy. No one should forget that methods, implemented by criminals, improve regularly and become more and more sophisticated.
The ten biggest fraud incidents in the financial sector
The first case is about an accounting scandal. The accounting frauds of the energy company ENRON, with the overall sum of almost 56 billion euro, are considered to be the largest corporate fraud in the USA. ENRON's creditors in 2001 included the bank Lehman Brothers. The bank received compensation of 195 million euros and went bankrupt itself in 2008.
The US real estate crisis is considered to be the trigger for the bankruptcy of Lehman Brothers Bank and marks the beginning of the global financial crisis since 2008. As a result of the financial crisis, the US FBI exposed the systematic investment fraud of the chairman of the technology exchange NASDAQ, Bernard Madoff. For more than 50 years, he had run an investment fund according to the illegal Ponzi scheme and embezzled more than 44 billion euros. Swiss lawyers estimated that in 2009 about three million people worldwide were directly or indirectly affected by Madoff's fraud.
The case of Tyco International. Before the scandal happened, Tyco was considered a reliable company, manufacturing electronic components, health care, and safety equipment. The scandal was connected with company’s CEO Dennis Kozlowski actions. As it turned out, he stole trooves of money from Tyco (in the form of unapproved loans and fraudulent stock sales).Together with some other executives he received $170 million in low-to-no interest loans without shareholder approval. Top-managers arranged to sell 7.5 million shares of unauthorized Tyco stock for a reported $430 million. Then, money were retrieved as executive bonuses or benefits.
The case of WorldCom. The problem was that a few top managers, including CEO Bernie Ebbers orchestrated a scheme to inflate profits to maintain WorldCom's stock price. The sum of more than $3.8 billion in fictitious accounting entries was revealed. In 2005, the company’s CEO was subsequently sentenced to 25 years in prison. CEO Bernie Ebbers was convinced with fraud, conspiracy and filing false documents.
Yasuo Hamanaka manipulated the copper market in the 1990s with fictitious purchases to hide the losses of his division in Sumitomo. When Hamanaka was exposed in 1996, the loss was estimated at 2.29 billion euros. The founder of the German company Flowtex, Manfred Schmider, sold about 3,000 special drilling instruments that existed only on paper. The loss amounted to 1.99 billion euros. Although he wasn’t sentenced to years, he was found guilty and the prosecution asked for 14 months of imprisonment for him in prison in Switzerland.
The bank Credit Suisse had managed loans and bond sales for Mozambique amounting to 1.76 billion euros. But the loans burst and capital disappeared without a trace. On March 1, 2019, Mozambique's attorney general filed a lawsuit against Credit Suisse in a London court.
The financial firm MF Global speculated in European government bonds in 2011. The amount embezzled was around 36 billion euros.
The Cendant financial scandal developed into the biggest fraud of the 1990s. Almost 17 billion euros were embezzled.
As an employee of the French bank Société Générale, Jérome Kerviel single-handedly caused a loss of 6.17 billion euros in speculative transactions.